linux-kernelorg-stable/net
Fedor Pchelkin 0c598aed44 net: openvswitch: fix flow memory leak in ovs_flow_cmd_new

Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is
not freed when an allocation of a key fails.

BUG: memory leak
unreferenced object 0xffff888116668000 (size 632):
  comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]
    [<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77
    [<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957
    [<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739
    [<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
    [<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800
    [<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515
    [<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
    [<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
    [<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339
    [<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934
    [<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]
    [<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671
    [<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356
    [<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410
    [<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
    [<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
    [<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

To fix this the patch rearranges the goto labels to reflect the order of
object allocations and adds appropriate goto statements on the error
paths.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: 68bb10101e ("openvswitch: Fix flow lookup to use unmasked key")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230201210218.361970-1-pchelkin@ispras.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-02-02 11:32:51 -08:00
6lowpan
9p xen: branch for v6.2-rc4 2023-01-12 17:02:20 -06:00
802 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
8021q
appletalk
atm
ax25
batman-adv Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
bluetooth Bluetooth: Fix possible deadlock in rfcomm_sk_state_change 2023-01-17 15:59:02 -08:00
bpf New Feature: 2022-12-17 14:06:53 -06:00
bpfilter
bridge netfilter: br_netfilter: disable sabotage_in hook after first suppression 2023-01-31 13:59:36 +01:00
caif caif: fix memory leak in cfctrl_linkup_request() 2023-01-05 10:19:36 +01:00
can Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
ceph Treewide: Stop corrupting socket's task_frag 2022-12-19 17:28:49 -08:00
core net: fix NULL pointer in skb_segment_list 2023-01-31 21:07:04 -08:00
dcb
dccp
dns_resolver
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-13 09:49:29 +01:00
ethernet
ethtool Revert "Merge branch 'ethtool-mac-merge'" 2023-01-24 17:44:14 +01:00
hsr
ieee802154
ife
ipv4 bpf-for-netdev 2023-01-27 23:32:03 -08:00
ipv6 ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address 2023-02-01 19:52:22 -08:00
iucv
kcm
key
l2tp l2tp: prevent lockdep issue in l2tp_tunnel_register() 2023-01-18 14:44:54 +00:00
l3mdev
lapb
llc
mac80211 Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" 2023-01-16 17:28:52 +02:00
mac802154 mac802154: Fix possible double free upon parsing error 2022-12-19 11:38:12 +01:00
mctp net: mctp: purge receive queues on sk destruction 2023-01-28 00:26:09 -08:00
mpls
mptcp mptcp: netlink: respect v4/v6-only sockets 2023-01-13 21:55:45 -08:00
ncsi
netfilter Revert "netfilter: conntrack: fix bug in for_each_sctp_chunk" 2023-01-31 14:02:48 +01:00
netlabel
netlink netlink: annotate data races around sk_state 2023-01-23 21:35:53 -08:00
netrom netrom: Fix use-after-free caused by accept on already connected socket 2023-01-30 07:30:47 +00:00
nfc net: nfc: Fix use-after-free in local_cleanup() 2023-01-13 20:53:44 -08:00
nsh
openvswitch net: openvswitch: fix flow memory leak in ovs_flow_cmd_new 2023-02-02 11:32:51 -08:00
packet Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
phonet
psample
qrtr net: qrtr: free memory on error path in radix_tree_insert() 2023-01-28 00:21:32 -08:00
rds
rfkill
rose net/rose: Fix to not accept on connected socket 2023-01-28 00:19:57 -08:00
rxrpc rxrpc: Fix wrong error return in rxrpc_connect_call() 2023-01-12 21:51:55 -08:00
sched net: sched: sch: Bounds check priority 2023-01-31 10:37:58 +01:00
sctp sctp: do not check hb_timer.expires when resetting hb_timer 2023-01-31 21:01:28 -08:00
smc
strparser
sunrpc nfsd-6.2 fixes: 2023-01-10 15:03:06 -06:00
switchdev
tipc tipc: fix unexpected link reset due to discovery messages 2023-01-06 12:53:10 +00:00
tls net/tls: tls_is_tx_ready() checked list_entry 2023-01-30 21:06:08 -08:00
unix unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg() 2022-12-15 11:35:18 +01:00
vmw_vsock Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
wireless Driver Core changes for 6.2-rc1 2022-12-16 03:54:54 -08:00
x25 net/x25: Fix to not accept on connected socket 2023-01-25 09:51:04 +00:00
xdp
xfrm Treewide: Stop corrupting socket's task_frag 2022-12-19 17:28:49 -08:00
Kconfig
Kconfig.debug
Makefile
compat.c
devres.c
socket.c Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
sysctl_net.c